locked
Further problem with activation on lenovo system RRS feed

  • Question

  • Thanks to Noel Paton I succeeded in resolving issues on three PC's which were showing as not genuine and I believe , incorrectly preventing upgrading to Win10 pro. ( Thanks again Noel for the patient provision of help)

    I am having a problem with a fourth which is not responding to the previous solutions. I have already run SFC / scannow and had some of the activation files restored - I have also reset permissions to remove any deny permissions. MGADiag Tool was though showing tampered sppsvc . I reset the permissions to the standard for this file also which resolved that matter but now I have sppuinotify showing as tampered. Again I reset the permission on that file (dll) but MGADiag still shows a tamper and a fresh SFC /scannow shows no issues needing resolving.

    I post an uptodate MGADiag Tool output below:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-R6W7M-FD7WF-HX267
    Windows Product Key Hash: Q9v1KP4tDK3l+WDkHUFXjW2Nn84=
    Windows Product ID: 00371-OEM-9308877-35287
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {E2DD5DB0-0792-4AF9-9C8F-D0D689D8EDA1}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_rc.100929-1730
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Access Runtime (English) 2007 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E2DD5DB0-0792-4AF9-9C8F-D0D689D8EDA1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HX267</PKey><PID>00371-OEM-9308877-35287</PID><PIDType>8</PIDType><SID>S-1-5-21-3337272658-591744055-3104788474</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7303WHR</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT43AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20090907000000.000000+000</Date></BIOS><HWID>723C3107018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62275</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1765CA03E677D8A</Val><Hash>oP+DZrDE1T6e5vY3TRMZLHw3dBw=</Hash><Pid>89388-709-7325542-65731</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17105

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-088-735287-02-6153-7601.0000-1832016
    Installation ID: 016632703244144112021491576960341042005374257731063205
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: HX267
    License Status: Unlicensed
    Remaining Windows rearm count: 3
    Trusted time: 02/07/2016 20:25:54

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0002000000000000
    Event Time Stamp: 7:2:2016 10:30
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered Service: sppuinotify


    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJQudwS9SOSqdspgmkWcaQKaYi92FkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TC-5H   
      FACP            LENOVO        TC-5H   
      HPET            LENOVO        TC-5H   
      MCFG            LENOVO        TC-5H   
      SLIC            LENOVO        TC-5H   
      OEMB            LENOVO        TC-5H   

    Some things I notice :

    • The aforementioned sppuinotify tamper
    • On the BIOS table the previously mentioned PC's had a further line  - SSDT information. THE PC's were identical to this one

    Any help with what this MGADiag suggests is the problem welcome.

    Saturday, July 2, 2016 7:34 PM

Answers

  • UPDATE:

    Ok I realized the pre-release issue was because a pre-release version of  SP1 was installed. Uninstalled that update then downloaded and installed the full SP1 KB976932

    Tried slmgr / ato - result suggested using slui.exe . Used slui 3 and entered Product key ( obtained using Nirsofts keyfinder) - result said not genuine go online . Went on the genuine windows page , downloaded and ran legitcheck.hta which validated the key. Ran slmgr /ato again - success Windows now activated.

    New MGADiag below:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-R6W7M-FD7WF-HX267
    Windows Product Key Hash: Q9v1KP4tDK3l+WDkHUFXjW2Nn84=
    Windows Product ID: 00371-OEM-9308877-35287
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {E2DD5DB0-0792-4AF9-9C8F-D0D689D8EDA1}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_rtm.101119-1850
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Access Runtime (English) 2007 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E2DD5DB0-0792-4AF9-9C8F-D0D689D8EDA1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HX267</PKey><PID>00371-OEM-9308877-35287</PID><PIDType>8</PIDType><SID>S-1-5-21-3337272658-591744055-3104788474</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7303WHR</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT43AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20090907000000.000000+000</Date></BIOS><HWID>720C3707018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62275</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1765CA03E677D8A</Val><Hash>oP+DZrDE1T6e5vY3TRMZLHw3dBw=</Hash><Pid>89388-709-7325542-65731</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-088-735287-02-6153-7601.0000-1942016
    Installation ID: 016632703244144112021491576960341042005374257731063205
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: HX267
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 12/07/2016 00:41:31

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 7:12:2016 00:38
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJQudwS9SOSqdspgmkWcaQKaYi92FkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TC-5H   
      FACP            LENOVO        TC-5H   
      HPET            LENOVO        TC-5H   
      MCFG            LENOVO        TC-5H   
      SLIC            LENOVO        TC-5H   
      OEMB            LENOVO        TC-5H 

    I suspect removewat (I had it already neutralised/reversed by the time of the first post in this thread)  was blocking the rtm SP1 ? .Might need to do a full windows update session but otherwise looks like we are OK ?


    • Edited by Padr78 Tuesday, July 12, 2016 12:01 AM correct spelling/grammar
    • Proposed as answer by Noel D PatonModerator Tuesday, July 12, 2016 1:26 PM
    • Marked as answer by Padr78 Tuesday, July 12, 2016 11:03 PM
    Monday, July 11, 2016 11:58 PM

All replies

  • Don't worry about the SSDT data - it's not relevant here.

    As far as the SPPUINOTIFY tamper is concerned...

    Please open an Elevated (Administrator) Command Prompt window and use the following
    commands....

     

    net start sppuinotify

    sc qc sppuinotify

    sc queryex sppuinotify

    sc qprivs sppuinotify

    sc qsidtype sppuinotify

    sc sdshow sppuinotify

     

    Copy and paste the output to your reply



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, July 8, 2016 11:43 AM
    Moderator
  • Hi Noel,

    Output as requested.

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>net start sppuinotify
    The SPP Notification Service service is starting.
    The SPP Notification Service service was started successfully.

    C:\Windows\system32>sc qc sppuinotify
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: sppuinotify
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 3   DEMAND_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : SPP Notification Service
            DEPENDENCIES       : EventSystem
            SERVICE_START_NAME : NT AUTHORITY\LocalService

    C:\Windows\system32>sc queryex sppuinotify

    SERVICE_NAME: sppuinotify
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 1392
            FLAGS              :

    C:\Windows\system32>sc qprivs sppuinotify
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppuinotify
            PRIVILEGES       : SeChangeNotifyPrivilege
                             : SeImpersonatePrivilege

    C:\Windows\system32>sc qsidtype sppuinotify
    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: sppuinotify
    SERVICE_SID_TYPE:  UNRESTRICTED

    C:\Windows\system32>sc sdshow sppuinotify

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPWPDTLOCRRC;;;S-1-5-80-123231216-259288
    3651-3715271367-3753151631-4175906628)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CC
    LCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDR
    CWDWO;;;WD)

    C:\Windows\system32>

    Friday, July 8, 2016 10:04 PM
  • Hmmm - I can't see anything wrong there (normally, a tampered service will  show some form of error in starting up, or errors in privileges.)

    Back to basics, then...

    SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt
    - the Elevated Command Prompt window should pop up.

    At the Command prompt, type

    SFC /SCANNOW

    and hit the Enter key

    Wait for the scan to finish - make a note of any error messages - and then reboot.

    Upload the CBS.log file (compressed, please!) to your OneDrive or DropBox Public folder,
    and post a link - also post a new MGADiag report.



    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, July 11, 2016 1:38 PM
    Moderator
  • Thanks Noel - output as requested

    The SFC scan results said integrity was OK:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>sfc /scannow

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.

    Windows Resource Protection did not find any integrity violations.

    C:\Windows\system32>

    However I see in the CBS file a lot of files moved and also references to duplicate ownership .

    CBS file uploaded to OneDrive - link OneDrive SBS File

    New MGADiagFile below- Tamper seems to be gone

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-R6W7M-FD7WF-HX267
    Windows Product Key Hash: Q9v1KP4tDK3l+WDkHUFXjW2Nn84=
    Windows Product ID: 00371-OEM-9308877-35287
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {E2DD5DB0-0792-4AF9-9C8F-D0D689D8EDA1}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_rc.100929-1730
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Access Runtime (English) 2007 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E2DD5DB0-0792-4AF9-9C8F-D0D689D8EDA1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HX267</PKey><PID>00371-OEM-9308877-35287</PID><PIDType>8</PIDType><SID>S-1-5-21-3337272658-591744055-3104788474</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7303WHR</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT43AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20090907000000.000000+000</Date></BIOS><HWID>72D83F07018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62275</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1765CA03E677D8A</Val><Hash>oP+DZrDE1T6e5vY3TRMZLHw3dBw=</Hash><Pid>89388-709-7325542-65731</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17105

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-088-735287-02-6153-7601.0000-1832016
    Installation ID: 016632703244144112021491576960341042005374257731063205
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: HX267
    License Status: Unlicensed
    Remaining Windows rearm count: 3
    Trusted time: 11/07/2016 22:08:18

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C4A8
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 7:8:2016 22:51
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJQudwS9SOSqdspgmkWcaQKaYi92FkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TC-5H   
      FACP            LENOVO        TC-5H   
      HPET            LENOVO        TC-5H   
      MCFG            LENOVO        TC-5H   
      SLIC            LENOVO        TC-5H   
      OEMB            LENOVO        TC-5H   

    I have tried again validating via slmgr /ato and slui 3 but both still fail. I also occasionally get a message about a pre-release version being expired ?

    Monday, July 11, 2016 9:41 PM
  • UPDATE:

    Ok I realized the pre-release issue was because a pre-release version of  SP1 was installed. Uninstalled that update then downloaded and installed the full SP1 KB976932

    Tried slmgr / ato - result suggested using slui.exe . Used slui 3 and entered Product key ( obtained using Nirsofts keyfinder) - result said not genuine go online . Went on the genuine windows page , downloaded and ran legitcheck.hta which validated the key. Ran slmgr /ato again - success Windows now activated.

    New MGADiag below:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-R6W7M-FD7WF-HX267
    Windows Product Key Hash: Q9v1KP4tDK3l+WDkHUFXjW2Nn84=
    Windows Product ID: 00371-OEM-9308877-35287
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {E2DD5DB0-0792-4AF9-9C8F-D0D689D8EDA1}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_rtm.101119-1850
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Access Runtime (English) 2007 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E2DD5DB0-0792-4AF9-9C8F-D0D689D8EDA1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HX267</PKey><PID>00371-OEM-9308877-35287</PID><PIDType>8</PIDType><SID>S-1-5-21-3337272658-591744055-3104788474</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>7303WHR</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>5HKT43AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20090907000000.000000+000</Date></BIOS><HWID>720C3707018400F8</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-5H   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62275</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1765CA03E677D8A</Val><Hash>oP+DZrDE1T6e5vY3TRMZLHw3dBw=</Hash><Pid>89388-709-7325542-65731</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
    Activation ID: da22eadd-46dc-4056-a287-f5041c852470
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00186-088-735287-02-6153-7601.0000-1942016
    Installation ID: 016632703244144112021491576960341042005374257731063205
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: HX267
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 12/07/2016 00:41:31

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 7:12:2016 00:38
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJQudwS9SOSqdspgmkWcaQKaYi92FkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            LENOVO        TC-5H   
      FACP            LENOVO        TC-5H   
      HPET            LENOVO        TC-5H   
      MCFG            LENOVO        TC-5H   
      SLIC            LENOVO        TC-5H   
      OEMB            LENOVO        TC-5H 

    I suspect removewat (I had it already neutralised/reversed by the time of the first post in this thread)  was blocking the rtm SP1 ? .Might need to do a full windows update session but otherwise looks like we are OK ?


    • Edited by Padr78 Tuesday, July 12, 2016 12:01 AM correct spelling/grammar
    • Proposed as answer by Noel D PatonModerator Tuesday, July 12, 2016 1:26 PM
    • Marked as answer by Padr78 Tuesday, July 12, 2016 11:03 PM
    Monday, July 11, 2016 11:58 PM
  • Sorry - I missed the RC SP1 content!

    There's no evidence of RemoveWat being installed in any of the Diag reports - how did you 'neutralise' it?

    That latest report looks fine, so you probably only have a couple of hundred updates to do! ;)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, July 12, 2016 7:13 AM
    Moderator
  • There's no evidence of RemoveWat being installed in any of the Diag reports - how did you 'neutralise' it?

    That latest report looks fine, so you probably only have a couple of hundred updates to do! ;)



      The previous steps I had taken were:

    Ran a SFC /SCANNOW first. Then checked permissions for files  in Wat folder and also for slmgr, slui, slwga, sppuinotify and anything else the SFC scan sorted. Deleted removewat's version of slmgr , deleted any deny permissions and checked standard permissions were correct or copied ACL's from a good file . All this had been done by the time I posted the first DiagReport above - the prior DiagReports were showing tampers and I could see a removewat version of slmgr. I think I may have copied the sppuinotify from the winsxs folder which must have caused the tamper on it. This seemed to "neutralise" RemoveWat and allow the key ( which was always believed to be correct and valid) to activate - RemoveWat may have originally been innocently used ( not by me)  to try to deal with complications activating what was believed to be a valid key.

    I really appreciate your help and guidance on this and my previous thread - you deserve credit for all the help you are providing on the forums.


    • Edited by Padr78 Tuesday, July 12, 2016 12:54 PM clarify post
    Tuesday, July 12, 2016 12:53 PM
  • That's the hard way - but probably best, if you're leery about downloading the 'WAT Fix' tool for what is admittedly a rather dubious source. I've tested that tool a number of times, and never found it to do anything nasty to my test installation, so I believe it to be OK, but can't guarantee that it doesn't have any problems whatever.

    RemoveWAT on the other hand does have serious consequences for the user - as you found out! It also has the problem  that it has been bundled at times with malware/adware.

    Well done on the cleanup - and good luck for the future.

    Thanks for the nice words. ;)


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Tuesday, July 12, 2016 1:26 PM
    Moderator